Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Transcription

1 The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard (PA DSS) was derived from and aligns with PCI DSS. Assuria Log Manager (ALM) is a proven PCI DSS and PA DSS solution, and is deployed and fully operational in customers sites in over 30 countries. Our Forensic Log Management / SIEM solution, provides built-in PCI DSS analysis, alerting and reporting features through the optional PCI Content Pack. CyberSense Enterprise Scanner offer system level security and compliance controls that can be used for server hardening, configuration assurance, vulnerability assessments, change detection and compliance. No.1 Install and maintain a firewall configuration to protect data Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices Assuria Log Manager (ALM) collects logs from external and internal firewalls in a secure manner using the vendors own API and preferred collection where possible and sends them via a TLS encrypted connection when agents are used to manage the log rotations or by the most secure connection available to an ALM collector. When avoiding syslog is not possible, we prefer to use RFC 5424 but if UDP-based syslog is unavoidable we try to keep the hops as short as possible and on the same Ethernet segment. Once ALM has collected the firewall logs it adds them to the database store where they can monitor traffic to and from the card holder systems. ALM can monitor and report on firewall changes and alert on inappropriate usage in the card holder network. Cybersense Enterprise Scanner can check the configurations on Host Intrusion Prevention systems and personal firewalls that have direct connectivity to the internet. No.2 Do not use vendor-supplied defaults for system passwords and other security parameters Assuria can check the configurations of internal servers against PCI controls and monitor and alert on non encrypted protocol usage in the card holder network Assuria Log Manager (ALM) provide forensically sound logs for all events such as recording all services used by Role Based Access Control (RBAC) and alerts can be triggered to alarm on the use of non encrypted protocols. CyberSense Enterprise Scanner have a core capability that lends itself to server hardening and credential based vulnerability scanning to aid configuration assurance to help companies reach compliance standards such as PCI. PCI DSS 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.

2 No.3 Protect stored card holder data Assuria can check configurations of internal servers holding card holder data and also protectively monitor systems for changes and then can alert users if data is at risk Assuria Log Manager (ALM) can provide a series of alerts on actions taken for specific files and objects to raise awareness of real time threats such as when a cryptographic key has been changed, added or deleted. CyberSense Enterprise Scanner provide file integrity monitoring for the card holder environment No.4 Encrypt transmission of card holder data across open, public networks Assuria can protectively monitor the card holder network to ensure that only the proper protocols are being used Assuria Log Manager (ALM) can provide forensically sound logs for all events such as recording all services used by Role Based Access Control (RBAC) and alerts can be triggered to alarm on the use of non encrypted protocols. ALM can also help collect reports from additional third party devices such as Intrusion Prevention or Network Access Control systems that are currently being used on site to provide wireless network detection ability. No.5 Use and regularly update anti-virus software or programs Assuria can protectively monitor anti-virus software as well as check configurations and complement malware protection in the card holder data environment. Assuria Log Manager (ALM) collects logs from many Antivirus solutions including McAfee, Symantec, Trend Micro, Sophos, Kaspersky and many others in a forensically sound manner. Alerts can be created when malware is detected which could compromise the cardholder environment. CyberSense Enterprise Scanner have a core capability that lends itself to server hardening and credential based vulnerability scanning to aid configuration assurance to help companies reach compliance standards such as PCI. Assuria could in effect setup audit controls to confirm that the antivirus programs are setup correctly on core systems and that predefined organisation security policies are in place. Cybersense Object Scanner can break down PDF documents to their core components and check for malware and potential zero day threats before repackaging the files to a safe format

3 No.6 Develop and maintain secure systems and applications Assuria can help organisations develop and maintain secure systems and applications Assuria ALM has the ability to collect logs from Microsoft WSUS in order to monitor and alert on critical patch installations and failures but can also operate with other third party software to provide the same level of reporting for patches deployed in secure card holder data segments of the network. CyberSense Enterprise Scanner offer a credential based deep vulnerability scan in order to check the configuration status where aligned to vulnerabilities to both can be compounded to give a more thorough understanding of the systems security status. CyberSense Enterprise scanner uses CVSS scores to prioritise the criticality of host and as per the PCI Council recommendation in June 2012 we use a taxonomy to make and CVSS score that is 4.0> a high risk vulnerability. CyberSense Enterprise Scanner can ensure that all system components and software have the latest vendor supplied patches installed correctly. The Security Configuration Management aspects of Assuria can help establish a process to identify newly discovered vulnerabilities and that your organisation follow change control procedures for all changes in system components. No.7 Restrict access to card holder data by business need to know Assuria can audit and monitor privilege user access Assuria Log Manager (ALM) can monitor privilege user access to card holder data via full Role-based access control (RBAC). Alerts can be triggered upon inappropriate user access to the appropriate channels to apply with access control policies and procedures. Cybersense Enterprise Scanner has file integrity monitoring ability to audit who has access to what, where and when. No.8 Assign a unique ID to each person with computer access Assuria can help identify shared account usage in the card holder network Assuria Log Manager (ALM) can report on all user activity from account creation, edits and deletes to adhere to compliance standards and internal policies. Cybersense Enterprise Scanner can run deep credential based scans to help configuration assurance on key servers in order to confirm who has access, to what, where and when.

4 No.9 Restrict physical access to card holder data Assuria can protectively monitor and alert on physical and electronic assets in the card holder network Assuria Log Manager (ALM) can monitor and alert on multiple physical access control systems in parallel by integrating with network and VPN logs at the same time as physical access control systems like door entry systems. ALM can log backup devices used in the storage of PCI data allocation and can alert on backup failures and when any users access the sensitive information. ALM currently supports a number of backup and disaster recovery vendors including Symantec, Microsoft, VMware and many others. ALM has the ability to collect logs from none security related products and applications to aid further business processes and have worked with companies in the past to collect logs on VoIP phone systems and bespoke software used in the collection of logs for financial and legal investigation. ALM can also monitor electronic assets as they are created, edited, deleted or copied through the card holder network by integrating with Data Loss Prevention (DLP) and protective marking systems like Boldon James, Metalogix, and Titus. No.10 Track and monitor all access to network resources and card holder data Assuria automates collection, centralisation and monitoring of logs from servers, applications, security and other devices, significantly reducing the cost of compliance. Assuria Log Manager (ALM) is a forensically sound UK government accredited log management / SIEM product that automates and manages the secure collection of log data via agent based or agentless technology. The small footprint ALM agents are available for Windows, UNIX and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure with log data integrity ensured through digital signatures and cryptographic hashes to maintain the chain of custody and to prevent against unauthorised access. Cybersense Enterprise Scanner can confirm the configuration assurance of key servers used to store card holder data for PCI. Configuration Assurance can verify that log files are being created correctly and that user rights for the server setup correctly as part of a general server hardening exercise.

5 No.11 Regularly test security systems and processes Assuria can collect logs from intrusion detection/prevention systems and has integrated file integrity monitoring capabilities. The collection of IDS/IPS logs helps to ensure and validate compliance. Assuria has file integrity monitoring capabilities can be used to directly meet requirement Assuria Log Manager (ALM) collects logs from Intrusion Prevention and Detection systems such as Sourcefire, Check Point, Stonesoft, Palo Alto, Cisco and many others. The logs taken from IDS/IPS vendors is done via secure API's where possible to maintain the integrity of the data. A good example of this can bee seen with Sourcefire as ALM collects the vendors preferred log source via estream and JDBC which show the full level of IPS/IDS details where as other SIEM vendors only collect Syslog which doesn't provide as much data and is an untrusted log source. Cybersense Enterprise Scanner provide file integrity monitoring as a core capability of the product and credential based deep vulnerability scans can be run on key card holder servers. Full PCI DSS configuration reports can be run on systems and Assuria is compatible with CVSS and CVE in identifying vulnerable servers. No.12 Maintain a policy that addresses information security for employees and contractors Assuria provides centralised intelligence that can support the organisational security policy, including incident handling and response. Because policies are flexible, Assuria is ready to expand beyond the card holder data environment to provide support to other areas of the organisation that need its critical services. Assuria Log Manager (ALM) has the ability to collect logs from none security related products and applications to aid further business processes and have worked with companies in the past to collect logs on VoIP phone systems and bespoke software used in the collection of logs for financial and legal investigation. Cybersense Enterprise Scanner provide central audit capabilities to be run against key servers to confirm how the configurations stand up against many compliance standards.